Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 21:33:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Moved to net.sf.acegisecurity.providers.encoding.

Browse Source
This commit is contained in:
Ben Alex 2004-04-17 01:28:05 +00:00
parent 6815e693a7
commit ae16d96121
5 changed files with 0 additions and 275 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
core/src/main/java/org/acegisecurity/providers/dao/BaseDigestPasswordEncoder.java
View File

@ -1,44 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.providers.dao;
/**
* <p>
* Convenience base for Digest password encoders
* </p>
*
* @author colin sampaleanu
* @version $Id$
*/
public abstract class BaseDigestPasswordEncoder implements PasswordEncoder {
//~ Instance fields ========================================================
private boolean encodeHashAsBase64 = false;
//~ Methods ================================================================
/**
* The encoded password is normally returned as Hex (32 char) version of the
* hash bytes. Setting this property to true will cause the encoded pass to
* be returned as Base64 text, which will consume 24 characters.
*/
public void setEncodeHashAsBase64(boolean encodeHashAsBase64) {
this.encodeHashAsBase64 = encodeHashAsBase64;
}
public boolean getEncodeHashAsBase64() {
return encodeHashAsBase64;
}
}

63
core/src/main/java/org/acegisecurity/providers/dao/MD5PasswordEncoder.java
View File

@ -1,63 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.providers.dao;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
/**
* <p>
* MD5 implementation of PasswordEncoder.
* </p>
*
* <p>
* A null password is encoded to the same value as an empty ("") password.
* </p>
*
* @author colin sampaleanu
* @version $Id$
*/
public class MD5PasswordEncoder extends BaseDigestPasswordEncoder implements PasswordEncoder {
//~ Methods ================================================================
/* (non-Javadoc)
* @see net.sf.acegisecurity.providers.dao.PasswordEncoder#isPasswordValid(java.lang.String, java.lang.String, java.lang.Object)
*/
public boolean isPasswordValid(String encPass, String rawPass, Object saltSource) {
String pass1 = "" + encPass;
String pass2 = encodeInternal("" + rawPass);
return pass1.equals(pass2);
}
/* (non-Javadoc)
* @see net.sf.acegisecurity.providers.dao.PasswordEncoder#encodePassword(java.lang.String, java.lang.Object)
*/
public String encodePassword(String rawPass, Object saltSource) {
return encodeInternal("" + rawPass);
}
private String encodeInternal(String input) {
if (!getEncodeHashAsBase64())
return DigestUtils.md5Hex(input);
byte[] encoded = Base64.encodeBase64(DigestUtils.md5(input));
return new String(encoded);
}
}

38
core/src/main/java/org/acegisecurity/providers/dao/PasswordEncoder.java
View File

@ -1,38 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.providers.dao;
import org.springframework.dao.DataAccessException;
/**
* <p>
* Describes authentication operations on a password, so that digest algorithms
* can be abstracted
* </p>
*
* @author colin sampaleanu
* @version $Id$
*/
public interface PasswordEncoder {
//~ Methods ================================================================
public boolean isPasswordValid(String encPass, String rawPass,
Object saltSource)
throws DataAccessException;
public String encodePassword(String rawPass, Object saltSource) throws DataAccessException;
}

69
core/src/main/java/org/acegisecurity/providers/dao/PlaintextPasswordEncoder.java
View File

@ -1,69 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.providers.dao;
/**
* <p>
* Plaintext implementation of PasswordEncoder.
* </p>
*
* @author colin sampaleanu
* @version $Id$
*/
public class PlaintextPasswordEncoder implements PasswordEncoder {
//~ Instance fields ========================================================
private boolean ignorePasswordCase = false;
//~ Methods ================================================================
/**
* Indicates whether the password comparison is case sensitive. Defaults to
* <code>false</code>, meaning an exact case match is required.
*
* @param ignorePasswordCase set to <code>true</code> for less stringent
* comparison
*/
public void setIgnorePasswordCase(boolean ignorePasswordCase) {
this.ignorePasswordCase = ignorePasswordCase;
}
public boolean isIgnorePasswordCase() {
return ignorePasswordCase;
}
/* (non-Javadoc)
* @see net.sf.acegisecurity.providers.dao.PasswordEncoder#isPasswordValid(java.lang.String, java.lang.String, java.lang.Object)
*/
public boolean isPasswordValid(String encPass, String rawPass, Object saltSource) {
String pass1 = "" + encPass;
String pass2 = "" + rawPass;
if (!ignorePasswordCase) {
return pass1.equals(pass2);
} else {
return pass1.equalsIgnoreCase(pass2);
}
}
/* (non-Javadoc)
* @see net.sf.acegisecurity.providers.dao.PasswordEncoder#encodePassword(java.lang.String, java.lang.Object)
*/
public String encodePassword(String rawPass, Object saltSource) {
return rawPass;
}
}

61
core/src/main/java/org/acegisecurity/providers/dao/SHAPasswordEncoder.java
View File

@ -1,61 +0,0 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.providers.dao;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
/**
* <p>
* SHA implementation of PasswordEncoder.
* </p>
*
* <p>
* A null password is encoded to the same value as an empty ("") password.
* </p>
*
* @author colin sampaleanu
* @version $Id$
*/
public class SHAPasswordEncoder extends BaseDigestPasswordEncoder implements PasswordEncoder {
/* (non-Javadoc)
* @see net.sf.acegisecurity.providers.dao.PasswordEncoder#isPasswordValid(java.lang.String, java.lang.String, java.lang.Object)
*/
public boolean isPasswordValid(String encPass, String rawPass, Object saltSource) {
String pass1 = "" + encPass;
String pass2 = encodeInternal("" + rawPass);
return pass1.equals(pass2);
}
/* (non-Javadoc)
* @see net.sf.acegisecurity.providers.dao.PasswordEncoder#encodePassword(java.lang.String, java.lang.Object)
*/
public String encodePassword(String rawPass, Object saltSource) {
return encodeInternal("" + rawPass);
}
private String encodeInternal(String input) {
if (!getEncodeHashAsBase64())
return DigestUtils.shaHex(input);
byte[] encoded = Base64.encodeBase64(DigestUtils.sha(input));
return new String(encoded);
}
}